Re: Hello

In reply to: Dave Hayes : "Re: Hello"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Obsto Clades via freebsd-hackers <freebsd-hackers_at_FreeBSD.org>
Date: Tue, 30 Nov 2021 22:36:42 UTC
I appreciate your kind words.  I'd appreciate it even more if you spread 
the word to check out my work.  The more white-hat hackers who try to 
hack my OS, the more confidence I will have that my modifications are as 
good as I hope.

On 11/28/21 11:59 AM, Dave Hayes wrote:
> On Sat, 27 Nov 2021 18:26:43 -0500
> George Mitchell <george+freebsd@m5p.com> wrote:
>> On 11/27/21 17:40, Obsto Clades via freebsd-hackers wrote:
>>> If you are interested in checking out my OS, you can find instructions
>>> on my site's home page:  https://obstoclades.tech/
>> Hmm, my mother told me never to click on links in strange emails ...
> Did your mother ever use cURL? :D
>
> prompt> curl -kv https://obstoclades.tech
> *   Trying 209.181.137.95:443...
> * Connected to obstoclades.tech (209.181.137.95) port 443 (#0)
> ...
> * SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
> * ALPN, server accepted to use http/1.1
> * Server certificate:
> *  subject: CN=obstoclades.tech
> *  start date: Oct 16 20:04:54 2021 GMT
> *  expire date: Jan 14 20:04:53 2022 GMT
> *  issuer: C=US; O=Let's Encrypt; CN=R3
> *  SSL certificate verify result: unable to get local issuer certificate (20),
> continuing anyway.
>
> It seems there's a problem with his certificate chain, but this is not unusual.
>
>> GET / HTTP/1.1
>> Host: obstoclades.tech
>> User-Agent: curl/7.77.0
>> Accept: */*
>>
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 200 OK
> < Server: nginx/1.20.1
> < Date: Sun, 28 Nov 2021 19:50:00 GMT
> < Content-Type: text/html; charset=utf-8
> < Transfer-Encoding: chunked
> < Connection: keep-alive
> < Cache-Control: no-cache, no-store, must-revalidate
> < Pragma: no-cache
> < Expires: 0
>
> No obvious problem there. The only possibly questionable thing (other than
> jquery, which comes from google) is this:
>
>   <script src="js/obstoclades.js" defer="defer"></script>
>
> which is this:
>
> /*
>   * File:  obstoclades.js
>   * Copyright (c) 2017 Obsto Clades, LLC
>   */
>
> $(document).ready(function()
> {
>      var $content = $(".content").hide();
>      $(".img").on("click", function (e)
>      {
>          $(this).parent().parent().toggleClass("expanded");
>      	var ttt = $(this).parent().children(".tooltiptext");
>          if ($(this).parent().parent().hasClass("expanded"))
>          {
>          	ttt.replaceWith("<span class=\"tooltiptext\">Click to
> close</span>"); }
>          else
>          {
>          	ttt.replaceWith("<span class=\"tooltiptext\">Click to
> open</span>"); }
>          $(this).parent().parent().next().slideToggle();
>      });
>      var textHeight = $("#left-side-header-text").height();
>      $("#old_english_sheepdog").height(textHeight).width(textHeight);
>      $("#button").click(function()
>      {
>          $("#contactus-form").submit();
>      })
> });
>
> There's nothing in that I can see that's malicious. I could be wrong.
>
> I looked briefly at the content. This person is trying to do good by security,
> so in my book it's worth a look. If said machine is actually impervious to
> sudo root, and all the compilers/interpreters work, that's likely going to
> work well. Am I missing something here?

-- 
Obsto Clades, LLC